CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 2CVE-2010-1244
https://notcve.org/view.php?id=CVE-2010-1244
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en createDestination.action en Apache ActiveMQ anteriores a v5.3.1, permite a atacantes remotos secuestrar la autenticación de víctimas sin identificar que para peticiones que crea colas a través del parámetro JMSDestination en una acción queue. • http://activemq.apache.org/activemq-531-release.html http://secunia.com/advisories/39223 https://exchange.xforce.ibmcloud.com/vulnerabilities/57398 https://issues.apache.org/activemq/browse/AMQ-2613 https://issues.apache.org/activemq/browse/AMQ-2625 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 4CVE-2010-0684
https://notcve.org/view.php?id=CVE-2010-0684
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en createDestination.action en Apache ActiveMQ anteriores a v5.3.1, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del parámetro JMSDestination en una acción queue. • http://activemq.apache.org/activemq-531-release.html http://secunia.com/advisories/39223 http://securitytracker.com/id?1023778 http://www.rajatswarup.com/CVE-2010-0684.txt http://www.securityfocus.com/archive/1/510419/100/0/threaded http://www.securityfocus.com/bid/39119 https://exchange.xforce.ibmcloud.com/vulnerabilities/57397 https://issues.apache.org/activemq/browse/AMQ-2613 https://issues.apache.org/activemq/browse/AMQ-2625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •